Preventing online fraud.

This had to happen sooner or later. A virus has been discovered that can affect Android phones. It uses the conference call feature of the phone to send your conversations to a remote server (spying on your conversations).

The virus is reported to now be on over 150,000 phones. This is quite serious. There are also two strains of the virus now, indicating that people are working on making things worse for everyone.

This virus is called HongTouTou. It was discovered in an app called Dynamic Footprint Wallpaper, hosted on an app store in China.

How can a phone get a virus?

Android phones are smartphones, meaning the phone is actually a computer. And like any other computer you can download and install programs onto it, commonly called Apps.

Now the philosophy behind Android phones is that they’re less regulated than other phones, such as Apple’s iPhone, and you’re free to install any app you want. Even ones that contain viruses.

With Android phones you have a choice of where to download your apps from. Unfortunately this includes untrusted sources where people can add viruses to apps. It’s all very similar to Windows PCs and the popular viruses from a few years ago.

What about iPhones and other phones?

This particular virus only affects Android, not any other phones.

How to avoid HongTouTou?

For now the best thing to do is to only use app stores you trust. Don’t rush into downloading an app just because it’s popular or cool; read up on it first.

The email shown below is not from Adobe; it’s a fake. It has words that would get most people’s attention, but the links in the email do not point to any real Adobe products. If you receive this email, delete it. Don’t click on the links.

The fake email looks like this:

Dear Customers,

Adobe is pleased to announce new version upgrades for Adobe Acrobat 2010.

http:// www.adobe-new-software.com

Advanced features include:

– Collaborate across borders

– Create rich, polished PDF files from any application that prints

– Ensure visual fidelity

– Encrypt and share PDF files more securely

– Use the standard for document archival and exchange

To upgrade and enhance your work productivity today, go to:

http://www.adobe-new-software.com

If you have any question please contact us at: support@adobe-new-software.com

Adobe does not send out emails like this. Acrobat Reader can update itself by showing a small window with update information (and you should update it as soon as updates are released). You should not have to visit a web site to download Acrobat updates.

Now that you’re making your payment online, are you aware of all the convenient ways you can manage your account online?

Just log on to www.chase.com/creditcards today. Using the "I’d like to…" links for your credit card account, you can access more than a dozen features, including links to:

– See statements – Choose to stop receiving paper statements, and see up to six years of your statements online.

– See automatic payments – Set up monthly payments to be made automatically.

– Transfer a balance – Transfer a balance to your credit card account.

– Go to Personalized Alerts – Schedule Alerts to remind you of key account activity.

You can also see past payments you’ve made online by logging on to www.chase.com/creditcards and clicking "See/cancel payments" under "I’d like to …"

If you have questions, please call the Customer Service number on the back of your credit card.

Thanks again for using online payments.

Sincerely, Cardmember Services

Never trust emails like this, especially if you don’t have an account with the company.

A useful trick to spot these scams is:

Identify which company the email claims to be from. In this case, it’s a company called Chase.

Place your mouse pointer over a link, but don’t click.

Look at the bottom of your screen. You should see the real link it points to. (You need to be using a modern web browser for this to work.)

If the addresses don’t match then it’s likely a scam.

For example, the email above talks a lot about chase.com. This is a real company in the USA. When I place my mouse pointer over the link, my browser says it goes somewhere different. The addresses don’t match, so this is a scam.

As if malicious web sites weren’t enough of a problem, now we have web sites with fake warnings that look just like the real thing.

Google Chrome has an excellent system that warns of dangerous web sites. When you click on a link to a dangerous (malicious) site, hopefully it will give you a large red warning page.

Now someone has been using this to trick people into thinking the website is malicious. It also asks you to download something called “Google Chrome secure updates”. This is bad; you shouldn’t have to install anything.

The popup message says:

This web page has been blocked based on your security preferences. Click ‘OK’ to download and install Google Chrome secure updates.

So never trust web sites that ask you to download anything, and if in doubt search Google for more information.

Any unsolicited email that asks you to open an attachment is bad. If that attachment is a program then you can consider it a scam. Below is an email I received with a link to malware. It’s asking me to download and run an unknown program. The email also says it was sent by me, which is rather odd. I’ve removed personal details from the email:

A new settings file for the <email address> has just been released

Dear user of the <email address> mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)

http://<removed>/ settings.exe

Best regards, <email address> Technical Support.

The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.

Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.

Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.

Here’s something that happens every day: a message appears in your web browser telling you a virus was found and to click OK to do a scan. To get straight to the point, this is a fake antivirus program designed to trick you into installing real malware.

If you see this on your browser, close the browser. Don’t click on any buttons. And most importantly, don’t panic. These scams are designed to scare you into making irrational decisions.

Samsung’s new phone, the S8500 Wave, has appeared in Germany with its memory card infected with malware. And it’s fairly dangerous: if it installs itself onto your computer it will download backdoor programs and spyware, leaving your computer wide open to hackers and criminals. Prevention is definitely better in these cases.

The malware can affect Windows computers if you connect the phone to the computer. It’s as simple as that.

There are a couple of things you can do to avoid this malware, and to avoid similar malware in the future from similar scenarios:

I received an email that claims to be from Facebook (it’s a forged email). The email is designed to trick people into opening the attachment. Here’s what it says:

Hey [name removed],

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks, The Facebook Team

There’s another version some people have received that is similar but has a different introduction and sign-off:

Dear user of facebook,

Because of the measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks, Your Facebook

Both of these emails come with a virus attached, and neither of them was actually sent from Facebook. In fact, Facebook had absolutely nothing to do with it; the scammers just mention the name to encourage people to open the attachment.

So as always, be suspicious of unsolicited emails, and be suspicious of attachments you didn’t ask for.

Another email designed to scare you and possibly make you curious enough to open an attachment.

The attachment has a virus, of course. And the email has all of the usual traits such as poor spelling and grammar. Below is what it says:

Your internet access is going to get suspended

The Internet Service Provider Consorcium was made to protect the rights of software authors, artists. We conduct regular wiretapping on our networks, to monitor criminal acts.

We are aware of your illegal activities on the internet wich were originating from

You can check the report of your activities in the past 6 month that we have attached. We strongly advise you to stop your activities regarding the illegal downloading of copyrighted material of your internet access will be suspended.